Brief #119: First AI Ransomware Discovered, Docker Desktop CVE, CrowdStrike $290M Buy

Happy Sunday!

The disconnect between what executives think AI is doing for their security teams versus what analysts actually experience on the ground is becoming impossible to ignore - and it's a conversation every security leader needs to have this week.

In this week's brief:

• ESET discovered the first AI-powered ransomware that writes its own malicious code using publicly available AI models
• A major study reveals 71% of executives believe AI significantly improves security productivity, but only 22% of the analysts using these tools daily actually agree
• The cybersecurity job market continues tightening as companies cut training programs and expect new hires to already have enterprise experience

Industry News

First Known AI-Powered Ransomware Uncovered By ESET Research

• ESET researchers discovered "PromptLock" - the first known AI-powered ransomware that uses the gpt-oss-20b model via Ollama API to generate malicious Lua scripts on the fly for data exfiltration and encryption.

• The malware is written in Golang with both Windows and Linux variants identified, though it appears to be a proof-of-concept rather than having been deployed in actual attacks.

• This discovery demonstrates how publicly-available AI tools could dramatically lower the barrier for attackers to create sophisticated ransomware that can adapt to environments at unprecedented speed and scale.

Docker Desktop Vulnerability Allows Container Escape (CVE-2025-9074)

• A critical vulnerability in Docker Desktop for Windows and MacOS exposes the Docker Engine socket without authentication, allowing attackers to break container isolation and potentially access the host filesystem.

• On Windows, attackers can mount the entire filesystem with administrator privileges, read sensitive files, and even escalate to system administrator by overwriting DLLs, while MacOS impact is limited by additional security layers.

• The issue is fixed in Docker Desktop version 4.44.3 - Linux users are not affected as they use named pipes instead of TCP sockets for the Docker Engine API.

Storm-0501 Shifts To Cloud-Based Ransomware Tactics

• Financially motivated threat actor Storm-0501 has evolved from deploying traditional on-premises ransomware to using cloud-based tactics that leverage exfiltration of large data volumes and destruction of data/backups without malware deployment.

• The attack chain begins with on-premises Active Directory compromise, then pivots to Microsoft Entra ID through compromised Directory Synchronization Accounts, eventually elevating to Global Administrator privileges to access and control Azure resources.

• After gaining control, the actor deletes or encrypts critical storage accounts and disables protections like resource locks and immutability policies, then demands ransom through Microsoft Teams using compromised accounts.